6cdb514e2f1b0d9c3ecc791e2fb0347c99318ee593fee2f39141b68db2199106

Analysis

max time kernel
120s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-09-2024 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3305d0b386a194bef43e593e839382b0N.exe
Size

97KB
MD5

3305d0b386a194bef43e593e839382b0
SHA1

95da62951878ba8936b79c6ec21a6bf4622cbf4f
SHA256

6cdb514e2f1b0d9c3ecc791e2fb0347c99318ee593fee2f39141b68db2199106
SHA512

ff24e8b3bcfc1a9a6cc6589ba1886e598fa7cb4aedc1df3e8163e247072448966e1a69af2805bb00c64c9e9a1447a875b7e88206ef1806443313d504e6c6d288
SSDEEP

3072:6pWpBwchcwD9uduW8mGpWpBwchcwD9uduW8m9:PBuduW8mbBuduW8m9

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (4408) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 2 IoCs

pid	Process
1560	Zombie.exe
4948	_dfrgui.lnk.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Zombie.exe	3305d0b386a194bef43e593e839382b0N.exe
File opened for modification	C:\Windows\SysWOW64\Zombie.exe	3305d0b386a194bef43e593e839382b0N.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp	_dfrgui.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsBase.resources.dll.tmp	_dfrgui.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index.tmp	_dfrgui.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.Client.dll.tmp	_dfrgui.lnk.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	_dfrgui.lnk.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Encoding.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Xaml.resources.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	_dfrgui.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.EventSource.dll.tmp	_dfrgui.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	_dfrgui.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	_dfrgui.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-ms.tmp	_dfrgui.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Writer.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Input.Manipulations.resources.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationTypes.resources.dll.tmp	_dfrgui.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\bin\idlj.exe.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\lib\packager.jar.tmp	_dfrgui.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Localytics.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Primitives.dll.tmp	_dfrgui.lnk.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.CodeDom.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-ms.tmp	_dfrgui.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\tzmappings.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.Extensions.dll.tmp	_dfrgui.lnk.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.tmp	_dfrgui.lnk.exe
File created	C:\Program Files\Java\jre-1.8\bin\decora_sse.dll.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.FileVersionInfo.dll.tmp	_dfrgui.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-phn.xrm-ms.tmp	_dfrgui.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ul-oob.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-pl.xrm-ms.tmp	_dfrgui.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\BI-Report.png.tmp	_dfrgui.lnk.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	Zombie.exe
File created	C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.exe.tmp	_dfrgui.lnk.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceProcess.dll.tmp	_dfrgui.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.tmp	_dfrgui.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-pl.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp	Zombie.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationTypes.resources.dll.tmp	_dfrgui.lnk.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	_dfrgui.lnk.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Numerics.dll.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Brotli.dll.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.tmp	_dfrgui.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp	_dfrgui.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-ms.tmp	_dfrgui.lnk.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.tmp	_dfrgui.lnk.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONDIRECTX.DLL.tmp	_dfrgui.lnk.exe
File created	C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glow Edge.eftx.tmp	Zombie.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp	Zombie.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Core.dll.tmp	Zombie.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3305d0b386a194bef43e593e839382b0N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Zombie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	_dfrgui.lnk.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 1560	2176	3305d0b386a194bef43e593e839382b0N.exe	91
PID 2176 wrote to memory of 1560	2176	3305d0b386a194bef43e593e839382b0N.exe	91
PID 2176 wrote to memory of 1560	2176	3305d0b386a194bef43e593e839382b0N.exe	91
PID 2176 wrote to memory of 4948	2176	3305d0b386a194bef43e593e839382b0N.exe	90
PID 2176 wrote to memory of 4948	2176	3305d0b386a194bef43e593e839382b0N.exe	90
PID 2176 wrote to memory of 4948	2176	3305d0b386a194bef43e593e839382b0N.exe	90

C:\Users\Admin\AppData\Local\Temp\3305d0b386a194bef43e593e839382b0N.exe
"C:\Users\Admin\AppData\Local\Temp\3305d0b386a194bef43e593e839382b0N.exe"
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\_dfrgui.lnk.exe
  "_dfrgui.lnk.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:4948
- C:\Windows\SysWOW64\Zombie.exe
  "C:\Windows\system32\Zombie.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4288,i,5469445176230119590,7931734017267321834,262144 --variations-seed-version --mojo-platform-channel-handle=3756 /prefetch:8
1⤵
PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.exe.tmp

Filesize
98KB

MD5
0c83ca4e3237ec52f51aabdd0f3f11c0

SHA1
f3bc0769c158b19bc32fd5fdae320205f66f2449

SHA256
222f7778279a807d204841b5ab19e2a6a2ddc1e0cc5ffaf700948eff3a6adaed

SHA512
bfee9dea9f62d523d15a075b523884578ff2c584d05cfad7552a0aa7d2218cbd5923ccdb912432a2f87399d4425776594d5b3117f39e963d48317b51dac5997a

Download Submit
C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

Filesize
48KB

MD5
ca51738cf8dc540dc753052ee4555aa0

SHA1
7da91f6fae2976f2d75ee4e3c40da3ab3557a0e8

SHA256
f7b58b56801238e5b22a935502ddc27b196591f63716693dfe4bd96385ac874b

SHA512
b3352337c5a8a48e8dc3ebae2d7093944c052404a5163d10daa6e3716e86985ccec2c601a6253e10e93f5092b470a76633465aef5446d58a640564d9e94d6637

Download Submit
C:\Program Files\7-Zip\7-zip.chm.exe

Filesize
160KB

MD5
4fe83ff3430f49072c2df71ce60f099a

SHA1
f6e9eac167825c42c12c17e544f448be125d5f8a

SHA256
7d56f145a90a2ec6f06d0b68998b0f82fdd559cd024a01ed25f37510c3973be4

SHA512
17c31e44aa79e8ab73f8cf3dc30855bbf277eb7ff05910efdf207a55c73fb7d4e79994e02deaba5f5d95398b02f4aa603bc9ecff5f00092ba095dd329857efed

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
146KB

MD5
b80e9910a61ab97fa47dc3edaa616d14

SHA1
a84918ad4899afb1cb6582ebb7e46407a0dde732

SHA256
77f5174d1c006c7a383ff40521e8df7af5234163e930db75a6ff2847bba8546c

SHA512
33ce517c2110eaa4dc511994a9bba7bc2d8ead412408ecc6a4887c4416be723481cd3be68753c07c8448dd96cf27a4735e406b149618f45231434a298035f9ee

Download Submit
C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
112KB

MD5
8a25c6cefe45864fe48a382e244fef20

SHA1
d7e61723a83dc57efd0fe030e26f1b8d462d1c4a

SHA256
684b79250222b4851d7f295805cd90c768943490109f52b8f5ab4b9fbda2d6e2

SHA512
027614d2fdea015cde91d4e19450e146752cf86075d12fbf89102c30f521518afbccaaff850ac7a27185c1252e018e9f1057ad67eb63fcfa5c8506f68220982a

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
c9b31dfb1cc4f2324e17d02733553ff8

SHA1
c5ed1f4dc01c3e0dc3927fc3bc68702172f7b5a2

SHA256
74f7197230933ef3a6c771d146c4bad6b471f96f17f3245cd9482581ff9ec826

SHA512
5b65d0cb1c57961ed72a30d8c0b8f5053030384133aba3adc22794f486d3a4d1e8d68756b1509b1563d4d5b95218943d9569d5f77c9142fb2d5aedfc84a7f1a2

Download Submit
C:\Program Files\7-Zip\7z.dll.tmp

Filesize
1.8MB

MD5
ccacdd93163e6563b11a958459d56b53

SHA1
ff20045a06d6cccbe40ba97219be55d29347972b

SHA256
d799487540d172bb192843ad096914304274969e9a93730c01b4a2872db59fd3

SHA512
7bd2b2808b87ea41f7e582cf59dee3a2ae7ecafbb37b39f845dd3d2960e16221c08eba68d6ec2369cd3e960b362cd2c552477244e25f5f1597d9b1ab253c16ae

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
594KB

MD5
e02927568b76760a3e699205d28c8092

SHA1
13e345c2ffe3d3a36c74315e70fd6209e7129423

SHA256
03ac2902d9295b109076d9c6a95299ad13aac9dcac792e8a9469caba212dbb64

SHA512
1fa0b52108194b11c4ebbdbdeecd37a4a2b7c5e863d81f680b6cee78a1a0338ca258a44e74aa3e097f0cae14f7fa35cb79779541c4535a5e48f7247163d98250

Download Submit
C:\Program Files\7-Zip\7zCon.sfx.tmp

Filesize
238KB

MD5
c49ccc2f97a1371003842329d92278b5

SHA1
bb4c3248a0809f514acd159929901bc2dd84f625

SHA256
e8c00869bcd1122c3f1e8376df53f6441c880dcef44658c2bc0cc477bcab00cb

SHA512
d7e10880d0d45fad087cda49d1a967ca108a893acde50bb2aa632e5b54edf82ce69e59e580c3a1d22ca797de5b30adf6f52afebdb26b1c772ea96ca2bca539f6

Download Submit
C:\Program Files\7-Zip\7zFM.exe.tmp

Filesize
980KB

MD5
10319052314bde2c1b6b58ae78d97b86

SHA1
da09a1fbf83171b8c5fad3d6e1c571db32a1d5ee

SHA256
1513ddcfa268853150b9a32b09ce5f9c773164aba279db81583cf3c490735c32

SHA512
838a89447c096483aa7943aee4f12436a9e1fb4f724967f9062533b248e6ac466b2c948b07903fe24aa7659e8181557dd1d20d6ca3f12f5bb0d3ab32ae4951b6

Download Submit
C:\Program Files\7-Zip\7zG.exe.tmp

Filesize
734KB

MD5
ebc6946658dd8a1092630411f3cb8aee

SHA1
c2ed5a7a8b96ae33e712a8029b40cd2013a4450e

SHA256
8876bc72104e6f5cef6352c239fc7cdc5eae582330f1f7adf575f91c557f5e3a

SHA512
f323f384a29dc54a0cdc6aa32237c8a8812af324d1e767a6a657a48f581511ada3c6872e07755d7fa0e1ff78533dc4018f33d2271d121b16c103e2cda7befbca

Download Submit
C:\Program Files\7-Zip\Lang\af.txt.exe

Filesize
59KB

MD5
283c498beeb2ed83ab33fccf6f99fc60

SHA1
75f3c166a2e0ae8ee9035858798773eeafe23e17

SHA256
4a0b9b15ecc84957039faf737f7c88c1a43e6774037d035f56432ed709e2a880

SHA512
bedbf4e755824a9aff842ebe63063bdf813f590bd780f7eeebeac1e1aacf00a2f5b025c14d77be3f382b9d532f38167dabcef1db3f328965afb9eddbf21c1e01

Download Submit
C:\Program Files\7-Zip\Lang\an.txt.exe

Filesize
57KB

MD5
4647721e036aa0a44c906171ec6dbf71

SHA1
3d370e687e142743c29fa3a873e5662f51b47db6

SHA256
ecdb52b33ebc5ceae479c664e7160becf579e003413d6c95900ff65a307f1c1b

SHA512
b91d2019dd7a66d0840b0641a28781d96057a0301c66a6e7b126a2f84cf77d2ded6862997cf9990f1127fd5e802e28799adac84ebd11a1c4ddcf3f8d572ca797

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt.exe

Filesize
62KB

MD5
d670658f0a4dba9e1b0b854820df625b

SHA1
f9dc2c5980d4e0ddea2c5c8ef1d36e4ae75d9f57

SHA256
ee164e6b38ad0dda38f9ba0995ec13ece07682d34a81ed0f6ae0460ab2e58202

SHA512
03411b0acfe245fbfb891c1ffe20ad0c5c9beecf9acf820d100c22f3b795324d2ff21b18c3d92f038aeec6ae473469af4d0cbab8a820c339d3a60b64a524b819

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt.tmp

Filesize
56KB

MD5
781a001d456cbcc546a3497ce3e4d3a0

SHA1
bc1a40d794eac849b4bde451fa3df733bb4b2d5e

SHA256
71215d17a843b25772687b66798bbcf44ac3ff57ef7b41075b6fb58c15383b7a

SHA512
0581b9d5894d80c2c8521a74322c4319963ad637cec8e4d4f80a074937b035d535323ace877ef4590472a2f9bbc394646842dd96a85b421e5d71ba8b7254e57b

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.tmp

Filesize
58KB

MD5
15a86c43ed46c2c3f4426b32ae7c6536

SHA1
0f3e3113b5457ad18e19e89851d088ccbfba1a70

SHA256
1904b991b30475422f8846ec21aea67ba8ca26d4bd7ea31cc283ac12012a9642

SHA512
ca3f90766d4c3ee72c85bad1402a29f9d4944c0d4804c30095f5ab4a88f548259c508e60f96c94796761ea9623c9e7d39de539ca7604edd589e77962867d8128

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt.tmp

Filesize
56KB

MD5
2c4786ff432f9f7078b28bce084a8e87

SHA1
3f23016048682755c17dbe98e21ffd24816028fe

SHA256
063f17ab2fc017a98fd4fba0f75406476e02301b8f799b3b14b7d8594d3119fe

SHA512
01a0df3d3128401b1e512cff958f99df21fa7495650ca74f83a612b7bd62029e96e0c04b4e730db74feabd83ca0c87498092ec7d8f4a75dab7a6536e4ac5a8e5

Download Submit
C:\Program Files\7-Zip\Lang\de.txt.tmp

Filesize
59KB

MD5
ceead80ab721d19e5519d09a17f15133

SHA1
852fe585dd26c5f485aad2fad5766c1fdea40662

SHA256
adebfa927bf8c1deac00722791dff5d695873a48394072ae77ee1f27765ed5c8

SHA512
02048e61970b5cc87e135e677c1b5c91b0f653cd1a837011a18df9d00c35b288c51b1c9e58cc0c3fd0064848f48e8945e9a7eecb3e9b3365bf058fc21e6e2271

Download Submit
C:\Program Files\7-Zip\Lang\el.txt.tmp

Filesize
64KB

MD5
6e17ad7e06c6380506a1daf10e93be57

SHA1
b67449ba970cbb4ca82565c16afa48d7faf6b991

SHA256
657f2c07392e535bac9387327b8536ade2f0c3d43e0d7a0ccc357bddc66872c9

SHA512
8a4fd44f33d04a63ee602cbf2bb6bf39a0d77dda9ebb963f727bb305ae6cc28173aa1d08aa7fe66ceb351901a93ca62b1c2310a90074483313574be2d2f77ae2

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt.tmp

Filesize
55KB

MD5
0fa23436253453d5118ef3753d484ee6

SHA1
ad67fa7dd50562fe854ac7bd5a937656a7f30b11

SHA256
e6a1acd74c00882ca70067992dc750957db44509428a4fee4e1b977567a871c7

SHA512
44d6b57acf073287290b4aad3cbd743f95835ce664668fb68eb132faaa5880bd480a7a7946be4d57c12f65684a565e87d5b27fe85614647e8da4e4b96b00df4b

Download Submit
C:\Program Files\7-Zip\Lang\et.txt.tmp

Filesize
50KB

MD5
d81d53266f6b1f121f7a084e7240c197

SHA1
1271935fd87dce02b65f42463c5998deba0a2e15

SHA256
7dc33d1ece06ce998b48319c4af84ceba64ae21238ee439f216adcb24c047572

SHA512
35f7fab48b9c443884dccb3486a614427d269c38ce910b9873298fc463d4fd5c18a9c227a968b2f9e8d1f2fe8d2c1128562a775052ed0ddfe5fe6e4a64620de2

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt.tmp

Filesize
57KB

MD5
02c98042bd91710df0d9178d3a4a630f

SHA1
b11be0ac22119d0f826c4ed0309fd8b839a61520

SHA256
eb988db650e2786f4cd134d440b37192ecf4172bb090eb723b37de12f9d8ae37

SHA512
f07bdea0fca4203b3b16e19da263aae6960da042c25c111d5b53c0d0865021a7955b2af8b02c765f58c0942e28334fb14a93ab9c226dcee526d0c936758440b4

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt.tmp

Filesize
63KB

MD5
33c4b9c274bec3bee36a840fe7c23305

SHA1
fbef76f658753af968ab9e4660f9d79ed18998b6

SHA256
102c345fab28cdc75798574c624ef10694929da1ce43d50d4936323874795619

SHA512
73c84d84e0b920ddb8c14629de434faf83ad19c6602bd98bbaaef4e24c5e9b96a959ff6e90b6c29305d09d62ba845cedc3fca290851edc889af45e4eef361f94

Download Submit
C:\Program Files\7-Zip\Lang\fr.txt.tmp

Filesize
59KB

MD5
dc78db51cfcdfe7568c85b88d3e4c29c

SHA1
b3002f7283e972d9b26dd4c9c19034578f361d16

SHA256
6353aaba9a6c34a4e030c36fa0a52c4a55d93ede4ca8fe28759832c760914089

SHA512
abc19fde65f4b15f23bb999cc6fe6ac2aed201a427df569f7b15a6e4e2a9c3983812875d49afd03abcaa59fbe2228fc76c20ae5da782c1db306f3abe423713c6

Download Submit
C:\Program Files\7-Zip\Lang\fur.txt.tmp

Filesize
55KB

MD5
b4365d0bf2f209db99a61fbc51e1d168

SHA1
315bffaa98fe6aab57d7ed81a9825e08955819f9

SHA256
517fc3383d28ed14a65e7d0a6b9a17963197f288a616b6a15614ce671c48de1b

SHA512
fbe1d9fa0c38dfa6a00d1ad340930272fcd0382f0f88961c966f1704e3303bb0655f70330e77d37e3c536d36b847faa700e48da4be6aaf06aa77cbac20c9f223

Download Submit
C:\Program Files\7-Zip\Lang\fy.txt.tmp

Filesize
56KB

MD5
94afdfe5970c08997c79ecf52da80133

SHA1
ad3f8da79b6b260d5d34e118d451753dbf491930

SHA256
e4b3eaa95a491ab0eebc219f666e10f974f210bd88ebd3479a0f0e44fa23c5be

SHA512
daa88784fb7533d476d095826532896c0d815e10caeece61783288427e2e7c8a652303beb32cba1191dd64a42dd7660273f84ffdbf49035a907bf29bcdf73db3

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt.tmp

Filesize
57KB

MD5
9ea9a4b693babdac0eb5d1f683f6f0a7

SHA1
7891d0b6511b96cb71b96ecd972c8fa12ad57dd0

SHA256
9654412ca00e4ecf5abf90eb92c24b13d03f2a09d7a332666370f757ee6311fd

SHA512
ca808f880798e33fc4e237aa25be4594eb1ae56e3eb286b289286692fad27f21455e394e633c774bc5cab49bc32a9608851030c696a03d73dbe3c070e8da6b7c

Download Submit
C:\Program Files\7-Zip\Lang\gu.txt.tmp

Filesize
67KB

MD5
2a712399d733d5decef9b5756195babf

SHA1
91b9d670810ff15476e4198bf6e20dcbd2caa27c

SHA256
67e80d156e085b255e37afde1add2874cdaea98f22b04d751ff52d7261c7ca16

SHA512
7001ca18e2270fc151394c808754f6112b1c500f6008f1d119eecd0fa6b2b3781867d939eecd1feef82c2a24586e9005f79962a6667d49ebecce31811e38fd92

Download Submit
C:\Program Files\7-Zip\Lang\hi.txt.tmp

Filesize
65KB

MD5
a2d9cc19499f98650aebce04c5efad04

SHA1
2ac2780b68a21f675a0ddb759b8fea4ae145de54

SHA256
bf4bc69a17ff71baf776e17b2514ba120cba77bc4da9017a6da1061d5912e4cc

SHA512
f4b61dda76e9880733a498809dd3ab7b1e0f8168438972d6555d7181eec7191499777882e651274e2c63686eb261a7c62505a99ba01a59f2afc8513fbe0223aa

Download Submit
C:\Program Files\7-Zip\Lang\hr.txt.tmp

Filesize
58KB

MD5
245bf47d880d20fa891acd0903596cc0

SHA1
e297c1676ec854dcc6e7ba01881e053ad67b1d9d

SHA256
362baf74155034ca41e4863a505cb312dc0abee61eb3fa3ced7570a1f22fc56c

SHA512
82020d7a2f6af253de88e7cf3ff41a407108a72bce0a97cfff800877f94fb9ef28d9360b272a1221a4d9faa4336cb37d7b6135934eae9f1adeb2f6cde836b4e3

Download Submit
C:\Program Files\7-Zip\Lang\hu.txt.tmp

Filesize
57KB

MD5
04e3ab593fdfdf7bbcec0f86a0281e16

SHA1
46cfdb6c5cd34c96e6121434a1615d3ab8231f18

SHA256
e3f6d19f884c8bf6b194f57c2ce82fb322a991f448370692a5c9e72b758bc5b9

SHA512
9bd41da021005781ae67c089028f7b965a64e40e6a476853cb4fb48493cd4eeba5e95ad2f5bdca0b0b31dd9db34adf01b4babb5f2e2a91294b2395a5a1db4c9e

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt.tmp

Filesize
63KB

MD5
130e6a39ea4a7b0f0345dc0cf5c466f4

SHA1
778f6ee1d08a4afde866dea456e90241a31c4274

SHA256
bba7861e9087581b0c9ba843beac911470d68ad4bca6d1819a291d9cd7520ad9

SHA512
5f2225568a0998bbc49a894a8daa7ed1ae434361d33ac1034333104c16ebf6660da6d3e9e33dc83c88149e11db90b9f3d1923f4bff732f970d94ec0e75f44545

Download Submit
C:\Program Files\7-Zip\Lang\id.txt.tmp

Filesize
56KB

MD5
61fb21d8b3134f825ed12e81b70b7d3a

SHA1
47fd1357fe6a07e3b102c807c7e5908574fd8922

SHA256
ebb004a6c8d4d549e11718d11ce6cbdac00fdaa3c2cd041bee24c922310032dd

SHA512
bf0395a61900e414b5af75448ce4833281b3f13a09d0a9caae7d1dec8c44966026be124d4dbb35bd973e4ac29d38626562ec7899b6fee1ee43617074a377de45

Download Submit
C:\Program Files\7-Zip\Lang\ka.txt.tmp

Filesize
65KB

MD5
aeb9da6238b199790ea1db84972a5608

SHA1
a1c0e46dce469aad9dafc82f5c60d8b87ee055f2

SHA256
8b852a1c99093d42dcee19f4bbaeeb2c514049f87f59e910bff69b2ec35236f4

SHA512
b263c90dec2b88d290c2ca2091cbdf0d3e5765eb6bd801cac441c7c32f78f89d5a2ad263c342aae16abd3e00ea169db988c6995e8ae2659b79db3bfe1fec3767

Download Submit
C:\Program Files\7-Zip\Lang\kaa.txt.tmp

Filesize
55KB

MD5
5e0fce0f80eac7fd9de482e6a004979b

SHA1
9e53208f7e351588e2e837569209be413c8d0150

SHA256
b6eacee49be9c25d664c1877cdd691dd3745444a4b3c7e6f2c9c2f14f58de116

SHA512
0ec5c228c8426fa75636dc13bfb9094c3b32997ba2ed3ee1143fbf5143df6dd666875f3a7afa90a3675092fc2c2cc48da15fc4fdf09b96b76b71d73388984ed2

Download Submit
C:\Program Files\7-Zip\Lang\kab.txt.tmp

Filesize
56KB

MD5
2cc9ae66f96322f35d39f60d084d468f

SHA1
9b15496adc3fc5619ddc22432119b58937bee96c

SHA256
34c73e835231838881c151e08b9c91322111d92b86702bbff3ab7dd3bc748c34

SHA512
5606bba67e9a16d0ca248aeecc8bddc0da017b988a24d0457f0ba7eb779e2587759390e7bfd15330dba43cab254f36a088328bdf6027a9e760bc81975c7d7b2c

Download Submit
C:\Program Files\7-Zip\Lang\ko.txt.tmp

Filesize
50KB

MD5
02fd5f1286a868f39590ae43fec7a476

SHA1
44c7db1540d4dfb4203b15c7bc70aab565167db6

SHA256
4a67099c4e13d4f60249fef1132a6e633bea0a6b27fac44808e9340edb5c7940

SHA512
ca4115abb99900a973536e7c7f1046d2348702226b0c683ecfbd9d3359442fca2d8bd61300b8ee4da731e86f93199890dfab142263062e2b2bc1ef629fa3d936

Download Submit
C:\Program Files\7-Zip\Lang\mk.txt.tmp

Filesize
58KB

MD5
e9a74ecaa808798a1ae3d59a63b0f670

SHA1
8f2a2184f6c8b5334c7c305cfa2e51812f8e5109

SHA256
542e7180fbd391c16640c25a18420c52355e3fe83bbd98b92876b05924a3e8e8

SHA512
7e318ba248d7c036b7b19eccd76716914aab900864abde69318fcd5d1dedad3f927e523488b38119a544d47be44578fa28e28c997a73ce21c73ac5d51bd5963b

Download Submit
C:\Program Files\7-Zip\Lang\mn.txt.tmp

Filesize
58KB

MD5
4f06a03ef914b36c89be701c4dd7a69f

SHA1
b6943a73fdb2f472a3b9f267194fe3e47ceb9f90

SHA256
a44590e8246cd3a26ba91939f337eabc8a4c1c8dedea79ed5b0a6afb8fb2bbfc

SHA512
f31e279107ab8288baf1f64b192f0601727777376ad5c2f3801ecb309ad2595858bc023da96dd3627b8efb23eeb414a1ede6dff5dfe25ae12539a090c61bb553

Download Submit
C:\Program Files\7-Zip\Lang\mng2.txt.tmp

Filesize
68KB

MD5
25eabef3ef3036d5cb6ed3ccfd85dadc

SHA1
ab6c698a3a341da05203df544f9c92d440387115

SHA256
d81253d7a35465f137b0edfd1bdc0c7bdd6835e03ceccf7c031d24865fc94ccb

SHA512
8bffc316c2f3d05bd8a7403a4c1ec2a7085672d4570793076d1c5736ec53733185859dce7506db4c7bd1f24e5fed9fb594d4f28d1d0aaae963b9cf09dd5593b3

Download Submit
C:\Program Files\7-Zip\Lang\mr.txt.tmp

Filesize
60KB

MD5
7e0acbcec62c508652b75a64e3429f08

SHA1
80e28fe8902485d411bddf77277fe0a6d609d263

SHA256
d253dae1d15ad83c34aa015148a294ac78443704175f032fb8eda446f6903acd

SHA512
3395e07976c924502c642fb0f5dc2d93957f88ffa17f1bcc61f7a200da52afcea53c74d27e69153c4e4a2ff728d2bc0a2789be9843f2db4293dc514b730377f8

Download Submit
C:\Program Files\7-Zip\Lang\ms.txt.tmp

Filesize
55KB

MD5
0199c65c6b5a59827d9bfe766c757af6

SHA1
3aa3f6586f627a36f2e7aac765f2d3c76d4e704f

SHA256
a474660174356341a00d992adce4d5f769289cccc4640fe31f9f0c11b65d4caf

SHA512
aa7f247fe6feef467f8295cc6a90710f7695d94da01b5c24171598e7e5c115379b287a6449866bab0ccd1e1164995a1acc73f3783bf58e530e175bb473aec8ef

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt.tmp

Filesize
56KB

MD5
ba1be40ba2d2333a77f3c2cf3019b533

SHA1
1d80889bda64da64ef0e9adac324dc431c232f6f

SHA256
e3c684c116e82c203d0e5c8ab5146fd375c63a5ab3e1a79627017dc9ff27070b

SHA512
f6bc436f6a5a878a947b35c5c7960bf31367de38c17b950f89967b0ee1b05cca9142150d1e08cf45f00e45af4212570fa8f498a5b84bbdc29a1800ade8f871b9

Download Submit
C:\Program Files\7-Zip\Lang\nn.txt.tmp

Filesize
55KB

MD5
1a88c0c7567e4c8f4a261e7439085814

SHA1
1cb3285d8a9a475fe5a0edad6f7ebb47a2dcfe34

SHA256
def19dce8ada334a90ede2d161328ca8ed247376b3b7425ed6afe34cf5b8cd8a

SHA512
190f1df7c80e24f545a721f0462ad7bb39b875263777741876cd7a9d9c70272493c9e1e90e272846d4691c5a9dacdb092656cad1ac538f9846458c92f8fad7bc

Download Submit
C:\Program Files\7-Zip\Lang\pa-in.txt.tmp

Filesize
62KB

MD5
5044c8b0a368a66c2c41716be2f4b570

SHA1
6e9058aa82076808d5afa7af82f854f519a32486

SHA256
3103b87f4d0454e7f80b4b5cc17f276d7320c9448d401cebcc9ffed73a53f923

SHA512
9310be2df9785654940854b831b60bfd81805855301938cec04992436262c9765409da7b3700badee813394ee2dd929e2b5322615feb560d640a87a450ab35a0

Download Submit
C:\Program Files\7-Zip\Lang\pl.txt.tmp

Filesize
59KB

MD5
413ba9eab8ce31f6ecf2c08a210d3121

SHA1
df6a8a00ba55fc1ba34a52e42955ae7f0c6f38fc

SHA256
84ec2d482ebfbaa45d593feedaf0f271935ba604e57350120f0080d608782d04

SHA512
bb8cff55cc85c8f5dc56e5a5da659ebba0bf55e613a3dfa539829d3278affd7cbdea8c0df45c1db37ec57f826ba93140c47641d9dfa3ae52aff619fb902d60f4

Download Submit
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp

Filesize
57KB

MD5
69d4197247eff80b3eca3ce8f9fbd401

SHA1
9146f0b562a53da449dd6c20ce7f84576f3d394f

SHA256
f7695dd5dd642decced12567202170842d8563ca27fc8417e23644cdc85b524c

SHA512
e701fb8b8cf22e8da713b7ff1c43e4d7dd8305c09096f9e60b33699c8365f7bbb70981b7eebe6654a3ac5d822bc40e0dc4453b1b721dc753817d929294dda582

Download Submit
C:\Program Files\7-Zip\Lang\ro.txt.tmp

Filesize
48KB

MD5
e60e0ff250cc99c61efa8a6f2baa7e96

SHA1
4461c496824f5c68f3e3e01bb763fce42278d4d6

SHA256
18018d90580fedfa3436efb78b3455e8c6204924c33c48306803d8e8e07d2704

SHA512
c967de3f296df0b49291465a655beb6eb80bb56c6361a0d246d0e4d91c95240f12f7911e3a157ebd5288a0c74c0b44477972bbe4dd6b8ace412a96c56a027406

Download Submit
C:\Program Files\7-Zip\Lang\ru.txt.tmp

Filesize
65KB

MD5
6d77d15c3e1644af6fea030c1d0a88df

SHA1
505f33a34290f5a32786fe3f4a83fd9eb642a462

SHA256
09ddecdb9b5ca97779ca197eadb2cf873e1f50dc78fce81e7025a2e8466ebe19

SHA512
fe9b47e8ec468a48713445cb8344215e526d9f5ef0aaf10742a95230da0bd2430e50e81a7dd6acd278986965ed7a92fb0a5a5026280d8c0f900b7d23b6cbc09f

Download Submit
C:\Program Files\7-Zip\Lang\sa.txt.tmp

Filesize
68KB

MD5
8591d8c673962194f3ca8bdb9c42fbc6

SHA1
418c806203700566f8a400873cf51e2da1c0b1bd

SHA256
cc9c173197100ff5f2463461b691d87415d69c711471f47dad00391436e33969

SHA512
809290d0ec1a5f18cc290416b97d4624cbb5794d000640d615f8b8b22c3a202a6c3d762b940c9a57d32cd80367fae3e2dd630bc51f3df5694d6151b405f40b7f

Download Submit
C:\Program Files\7-Zip\Lang\si.txt.tmp

Filesize
68KB

MD5
ad9c57113f266ccb190e36ac9b06d9d5

SHA1
3924d4ea71f0653f878e356ba75eb815de2c024b

SHA256
bc7e36566161ea40f375c9884976b591e10253c27582836a545fe57dfa4216f5

SHA512
e4c1091f65d56cbec93df29c7f62f33665a0b6ff7f13cef3e4359031fb65282d67e3361cc92c0980aa75e50ec3de136b38f7e9ff45a43fcc69019483b09d349a

Download Submit
C:\Program Files\7-Zip\Lang\sk.txt.tmp

Filesize
59KB

MD5
81daa1f97b89b195159012564a328d13

SHA1
bcbdcde2b7a7d0b6110982b88e9287b17d1c21be

SHA256
15337f009dbd0efdd7ad43354259db465973ddaf402f952b158f8917ac5d5af2

SHA512
35eebb4d34da23cbdee9d3fca4ac69ef71c7e5b19447420047ef4d05030b9094cc4e7e27760d1937e637f7e360693d09c66ec3139cf3dac1e62de841bf9eb4d6

Download Submit
C:\Program Files\7-Zip\Lang\sl.txt.tmp

Filesize
58KB

MD5
605bd387311c02f2fee9ff7c7a89cd67

SHA1
e610bde29a7c992a559d0049d219f98c7f26bc34

SHA256
df949cf4d11142b7776e76aaeaee048fbc02f375c82fa351d955d9aa92ff4a82

SHA512
95c11270546a4a31e67d2375c5a46a1cbdf1607cf1873a2a6a4dec25f1cebf6522d4edb49aab445211d1661dd2a224bb036a55ac825f265a63799f0b5e037e71

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Primitives.dll.tmp

Filesize
65KB

MD5
2452d8fb1ee3d8efb1d34fb9acaae51a

SHA1
0aee348e31f24c370aa91fe8591d12e380c8cac8

SHA256
eeb783ca8f7ea53a52321914a7e1d731eef068e31569ee4d825eaeac4d7cc0ae

SHA512
6ac67480f27b1bde37afef8a8766abfee97915401221837a9b9ccd3157840c7d95ff1c7369e867eaadf9f3fde8bf224bec2663e2c0f118d56a76dc453d8bff4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_dfrgui.lnk.exe

Filesize
50KB

MD5
2b012cb7a8836ef192df553a40aff45f

SHA1
015e3252c4227551bc50bd7f1379fb3633e186f7

SHA256
55fe2ea53274ad606401d0220ebc5bcbef1bcd5a662c6b9595e779257b70d46b

SHA512
71fc7830b372d9c1e39e695db0a9977ae8d2efc103acb11d9817dd9eea6f7119b8209596655a1e2b9b5c72b4565a30b7cb749305453fa37d320b8684d62dd3c2

Download Submit
C:\Windows\SysWOW64\Zombie.exe

Filesize
47KB

MD5
4defb4912caac07a2c321527d896b7ea

SHA1
14fb7b1d0c4aca39e6d04a2d8f0cc85851deb82a

SHA256
7f49f13bdde8161e905b01fa4e3929968b88510050b1ed3c50f0f130c018b72e

SHA512
8adf3ae4c31bf114df6df604540e5e470e6f529dc46ffa579187072e6645591dfcdd2d2b168d504b5e0b18b0bc64902bd412340bc23a49a3d017ad3878d8ec49

Download Submit
C:\libsmartscreen.dll.exe

Filesize
47KB

MD5
af72a42ea8ee566cb57f894a4c0e4032

SHA1
7d0670f9ddec59fb0140beaeeb1b5616b68ba641

SHA256
511008b00db77d944f9917c5bbcd5b03d069ed897876d1efeea28aacaf3aa26a

SHA512
f163cf3ea7761c604bd4d0d38d10a639bd5615b4019e7587b518ec7126c77d04e6ed01624c7226a0df3228409584e4d0880cb1fb52a5494f8fc68df062dc6757

Download Submit